/// <summary> /// 禁用用户权限(优先级高于角色权限) /// </summary> /// <param name="input"></param> /// <returns></returns> public async Task ProhibitPermission(ProhibitPermissionInput input) { var user = await UserManager.GetUserByIdAsync(input.UserId); var permission = _permissionManager.GetPermission(input.PermissionName); await UserManager.ProhibitPermissionAsync(user, permission); }
/// <summary> /// Check whether a user is granted for a permission. /// </summary> /// <param name="userId">User id</param> /// <param name="permissionName">Permission name</param> public virtual async Task <bool> IsGrantedAsync(long userId, string permissionName) { return(await IsGrantedAsync( userId, _permissionManager.GetPermission(permissionName) )); }
public async Task Should_Check_IsGranted_Correctly_When_Logged_In_As_Host_Then_Switched_To_Tenant() { Resolve <IMultiTenancyConfig>().IsEnabled = true; var defaultTenantId = 1; var user = UsingDbContext(defaultTenantId, context => { return(context.Users.Single(f => f.TenantId == defaultTenantId && f.UserName == AbpUserBase.AdminUserName)); }); await _userManager.GrantPermissionAsync(user, _permissionManager.GetPermission(AppPermissions.TestPermission)); var isGranted = await _permissionChecker.IsGrantedAsync(user.ToUserIdentifier(), AppPermissions.TestPermission); isGranted.ShouldBe(true); // Simulate background jobs LoginAsHostAdmin(); using (var uow = _unitOfWorkManager.Begin()) { using (_unitOfWorkManager.Current.SetTenantId(user.TenantId)) { isGranted = await _permissionChecker.IsGrantedAsync(user.ToUserIdentifier(), AppPermissions.TestPermission); isGranted.ShouldBe(true); } } }
public async Task Static_Roles_Can_Have_Default_Granted_Permissions() { await CreateTestStaticRoles(); var tenant = GetTenant("Tenant1"); AbpSession.TenantId = tenant.Id; var adminRole = await RoleManager.GetRoleByNameAsync("admin"); var supporterRole = await RoleManager.GetRoleByNameAsync("supporter"); //Default granted permissions (await RoleManager.IsGrantedAsync(adminRole.Id, "Permission1")).ShouldBe(true); (await RoleManager.IsGrantedAsync(adminRole.Id, "Permission2")).ShouldBe(true); (await RoleManager.IsGrantedAsync(adminRole.Id, "Permission3")).ShouldBe(true); (await RoleManager.IsGrantedAsync(adminRole.Id, "Permission4")).ShouldBe(true); (await RoleManager.IsGrantedAsync(supporterRole.Id, "Permission1")).ShouldBe(true); (await RoleManager.IsGrantedAsync(supporterRole.Id, "Permission2")).ShouldBe(true); (await RoleManager.IsGrantedAsync(supporterRole.Id, "Permission3")).ShouldBe(false); (await RoleManager.IsGrantedAsync(supporterRole.Id, "Permission4")).ShouldBe(false); //Grant new permission that is not granted by default await RoleManager.GrantPermissionAsync(supporterRole, _permissionManager.GetPermission("Permission3")); (await RoleManager.IsGrantedAsync(supporterRole.Id, "Permission3")).ShouldBe(true); //Prohibit a permission that is granted by default await RoleManager.ProhibitPermissionAsync(supporterRole, _permissionManager.GetPermission("Permission1")); (await RoleManager.IsGrantedAsync(supporterRole.Id, "Permission1")).ShouldBe(false); }
public async Task ProhibitPermission(ProhibitPermissionInput input) { var user = await this._userManager.GetUserByIdAsync(input.UserId).ConfigureAwait(false); var permission = _permissionManager.GetPermission(input.PermissionName); await this._userManager.ProhibitPermissionAsync(user, permission).ConfigureAwait(true); }
//It could be better to provide cache mechanism public bool IsGranted(int roleId, string permissionName) { var rolePermission = _rolePermissionRepository.FirstOrDefault(x => x.RoleId == roleId && x.PermissionName == permissionName); if (rolePermission != null) { return(rolePermission.IsGranted); } return(_permissionManager.GetPermission(permissionName).Default); }
/// <summary> /// 禁止权限 /// </summary> /// <param name="input">输入模型</param> /// <returns></returns> public async Task ProhibitPermission(ProhibitPermissionInput input) { //根据Id,获取用户信息 var user = await UserManager.GetUserByIdAsync(input.UserId); //根据权限名称,获取权限信息 var permission = _permissionManager.GetPermission(input.PermissionName); //禁止指定用户的权限 await UserManager.ProhibitPermissionAsync(user, permission); }
public async Task PermissionTests() { var role1 = await CreateRole("Role1"); (await _roleManager.HasPermissionAsync(role1, _permissionManager.GetPermission("Permission1"))).ShouldBe(false); (await _roleManager.HasPermissionAsync(role1, _permissionManager.GetPermission("Permission3"))).ShouldBe(true); await GrantPermission(role1, "Permission1"); await ProhibitPermission(role1, "Permission1"); await ProhibitPermission(role1, "Permission3"); await GrantPermission(role1, "Permission3"); await GrantPermission(role1, "Permission1"); await ProhibitPermission(role1, "Permission3"); var grantedPermissions = await _roleManager.GetGrantedPermissionsAsync(role1); grantedPermissions.Count.ShouldBe(2); grantedPermissions.ShouldContain(p => p.Name == "Permission1"); grantedPermissions.ShouldContain(p => p.Name == "Permission4"); var newPermissionList = new List <Permission> { _permissionManager.GetPermission("Permission1"), _permissionManager.GetPermission("Permission2"), _permissionManager.GetPermission("Permission3") }; await _roleManager.SetGrantedPermissionsAsync(role1, newPermissionList); grantedPermissions = await _roleManager.GetGrantedPermissionsAsync(role1); grantedPermissions.Count.ShouldBe(3); grantedPermissions.ShouldContain(p => p.Name == "Permission1"); grantedPermissions.ShouldContain(p => p.Name == "Permission2"); grantedPermissions.ShouldContain(p => p.Name == "Permission3"); }
/// <summary> /// 判断某用户是否有某权限 /// </summary> /// <param name="userId"></param> /// <param name="permissionName"></param> /// <returns></returns> public virtual async Task <bool> IsGrantedAsync(long userId, string permissionName) { //如果此权限是一个资源按钮,需要检查此按钮是否启用以及是否需要权限 var button = await Resolve <IModuleInfoManager>().FindButtonByPermissionName(permissionName); if (button != null) { //未启用的资源的判断全部为false if (!button.IsEnabled) { return(false); } //已启用的资源若不需要权限,则判定为true else if (!button.RequirePermission) { return(true); } } return(await IsGrantedAsync( userId, _permissionManager.GetPermission(permissionName) )); }
/// <summary> /// Checks if a role is granted for a permission. /// </summary> /// <param name="roleName">The role's name to check it's permission</param> /// <param name="permissionName">Name of the permission</param> /// <returns>True, if the role has the permission</returns> public virtual async Task <bool> IsGrantedAsync(string roleName, string permissionName) { return(await IsGrantedAsync((await GetRoleByNameAsync(roleName)).Id, _permissionManager.GetPermission(permissionName))); }
/// <summary> /// Checks if a role has a permission. /// </summary> /// <param name="roleName">The role's name to check it's permission</param> /// <param name="permissionName">Name of the permission</param> /// <returns>True, if the role has the permission</returns> public virtual async Task <bool> HasPermissionAsync(string roleName, string permissionName) { return(await HasPermissionAsync(await GetRoleByNameAsync(roleName), _permissionManager.GetPermission(permissionName))); }
protected async Task ProhibitPermissionAsync(Role role, string permissionName) { await RoleManager.ProhibitPermissionAsync(role, PermissionManager.GetPermission(permissionName)); (await RoleManager.HasPermissionAsync(role, PermissionManager.GetPermission(permissionName))).ShouldBe(false); }